Read the Trump administration's draft of the executive order on cybersecurity

The draft of the executive order on cybersecurity calls for a review of cyber capabilities and vulnerabilities.

Executive Order??Strengthening U.S. Cyber Security and Capabilities

EXECUTIVE ORDER

STRENGTHENING U.S. CYBER SECURITY AND CAPABILITIES

By the authority vested in me as President by the Constitution and the laws of the United Statesof America, it is hereby ordered as follows:

Section 1. Policy.

It is the policy of the United States to defend and enhance the security of the Nation?s cyberinfrastructure and capabilities. Free and secure use of cyberspace is essential to advancing US.national interests. The Internet is a vital national resource. Cyberspace must be an environmentthat fosters ef?ciency, innovation, communication, and economic prOSperity without disruption,fraud, theft, or invasion of privacy. The United States is committed to: ensuring the long-termstrength of the Nation in cyberspace; preserving the ability of the United States to decisivelyshape cyberspace relative to other international, state, and non-state actors; employing the fullspectrum of our capabilities to defend US. interests in cyberspace; and identifying, disrupting,and defeating malicious cyber actors.

Sec. 3. Findings.

America?s civilian government institutions and critical infrastructure are currently vulnerableto attacks from both state and non-state actors. Criminals, terrorists, and state and non-stateactors are engaging in continuous operations that impose signi?cant costs on the US. economyand signi?cantly harm vital national interests. These operations may disrupt or disable thefunctioning of important economic institutions and critical infrastructure, and may potentiallycause physical effects that could result in signi?cant property damage and loss of life.

The cyber realm is undergoing constant, rapid change as a result of the pace of technologicalinnovation, the explosive global growth in Internet use, the increasing interdependenciesbetween the networks and the Operations of infrastructure and key economic institutions, and thecontinuously evolving nature of cyberattacks and attackers.

As a result of these changes, cyberSpace has emerged as a new domain of engagement,comparable in signi?cance to land, sea, air, and space, and its signi?cance will increase in theyears ahead.

The Federal Government has a reSponsibility to defend America from cyberattacks that couldthreaten US. national interests or cause signi?cant damage to Americans? personal or economicsecurity. That responsibility extends to protecting both privately and publicly operated criticalnetworks and infrastructure. At the same time, the need for dynamism, ?exibility, and

innovation in cyber security demands that government exercise its responsibility in closecooperation with private sector entities.

The executive departments and agencies (agencies) tasked with protecting civiliangovernment networks and critical infrastructure are not currently organized to act collectively/collaboratively, tasked, or resourced, or provided with legal authority adequate to succeed intheir missions.

3. De?nitions. As used in this order:

The term ?critical infrastructure? means systems and assets, whether physical or virtual, sovital to the United States that the incapacity or destruction of such systems would have adebilitating impact on security, national economic security, national public health or safety, orany combination of those matters.

The term ?national security system? means any telecommunications or information systemOperated by the Federal Government or any contractor on its behalf, the function, operation, oruse of which?

involves intelligence activities;

(ii) involves activities related to national security;

involves command and control of military forces;

(iv) involves equipment that is an integral part of a weapon or weapons system; or

is critical to the direct fulfillment of military or intelligence missions (but does not include asystem used for routine administrative and business applications, including payroll, finance,logistics, and personnel management applications).

Policy Coordination.

Policy coordination, guidance, diSpute resolution, and periodic in-progress reviews for thefunctions and programs described and assigned in this order shall be provided through theinteragency process established in National Security Presidential Directive of January 21,

2017 (Organization of the National Security Council and the Homeland Security Council), or anysuccessor.

Q. Review of Cyber Vulnerabilities.Scope and Timing.

A review of the most critical U.S. cyber vulnerabilities (Vulnerabilities Review) shallcommence immediately.

(ii) Within 60 days of the date of this order, initial recommendations for the protection ofUS. national security systems shall be submitted to the President through the Secretaryof Defense.

Within 60 days of the date of this order, initial recommendations for the enhancedprotection of the most critical civilian Federal Government, public, and private sectorinfrastructure, other than US. national security systems, shall be submitted to thePresident through the Secretary of Homeland Security.

(iv) The recommendations shall include steps to ensure that the responsible agencies areappropriately organized, tasked, and resourced, and provided with adequate legalauthority necessary to ful?ll their missions.

Review Participants. The Secretary of Defense shall co?chair the Vulnerabilities Review withthe Secretary of Homeland Security, the Director of National Intelligence, the Assistant to thePresident for National Security Affairs, and the Assistant to the President for Homeland Securityand Counterterrorism.

(0) Operation ofthe Vulnerabilities Review. The Co-Chairs of the Vulnerabilities Review shallassemble all information in the possession of the Federal Government that pertains to the mosturgent vulnerabilities to national security systems, the most urgent vulnerabilities to civilianFederal Government networks, and the most critical private sector infrastructure. All agenciesshall comply with any request of the Co-Chairs to provide information in theirpossession or control pertaining to US. cyber vulnerabilities. The Secretary of Defense, theSecretary of Homeland Security, the Assistant to the President for National Security Affairs, andthe Assistant to the President for Homeland Security and Counterterrorism may seek furtherinformation relevant to the Vulnerabilities Review from any appropriate source.

Review of Cyber Adversaries.Scope and Timing.

A review of the principal U.S. cyber adversaries (Adversaries Review) shallcommence immediately.

(ii) Within 60 days of the date of this order, a ?rst report on the identities, capabilities,and vulnerabilities of the principal U.S. cyber adversaries shall be submitted to thePresident through the Director of National Intelligence.

Review Pariiczpanis. The Director ofNational Intelligence shall co-chair the AdversariesReview with the Secretary of Homeland Security, the Secretary of Defense. the Assistant to thePresident for National Security Affairs, and the Assistant to the President for Homeland Securityand Counterterrorism.

(0) Operation ofthe Adversaries Review. The Co-Chairs of the Adversaries Review shallassemble all information in the possession of the Federal Government that pertains to theidentities, capabilities, and vulnerabilities of US. cyber adversaries. All agencies shall comply with any request of the Co-Chairs to provide information in their possession or controlpertaining to US. cyber adversaries. The Co~Chairs may seek further information relevant to theAdversaries Review from any appropriate source.

2. US. Cyber Capabilities Review.Scope and Timing.

Based on the results of sections 5 and 6 of this order, a review of the relevant cybercapabilities of the Department of Defense, the Department of Homeland Security, and theNational Security Agency (Capabilities Review) shall identify an initial set of capabilitiesneeding improvement to adequately protect U.S. critical infrastructure.

(ii) The Capabilities Review?s recommendations shall include steps to ensure that theresponsible agencies are appropriately organized, tasked, and resourced, and providedwith adequate legal authority necessary to ful?ll their missions.

Participants. The Secretary of Defense shall co?chair the Capabilities Review, with theSecretary of Homeland Security and the Director of the National Security Agency.

(0) Operation ofCapobz?lz?ries Review. The Co-Chairs of the Capabilities Review shall assembleall information in the possession of the Federal Government that pertains to relevant cybercapabilities of the Department of Defense, the Department of Homeland Security, and theNational Security Agency. All agencies shall comply with any request of the Co?Chairs to provide information in their possession or control pertaining to US. cyber capabilities.The Secretary of Defense, the Secretary of Homeland Security, and the Director of the NationalSecurity Agency may seek further information relevant to the Capabilities Review from anyappropriate source.

Workforce DeveZopmenr Review. In order to ensure that the United States has a long-term

cyber capability advantage, the Secretary of Defense and Secretary of Homeland Security shall also gather and review information from the Department of Education regarding computer

science, mathematics, and cyber security education from primary through higher education tounderstand the ?ll] scope of US. efforts to educate and train the workforce of the future. TheSecretary of Defense shall make recommendations as he sees ?t in order to best position the US.educational system to maintain its competitive advantage into the future.

(ii) Within 100 days of the date of this order, the Report recommending options shall besubmitted to the President through the Secretary of Commerce.

Participants. The Secretary of Commerce shall co-chair the group preparing the Report, withthe Secretary of the Treasury, the Secretary of Homeland Security, and the Assistant to thePresident for Economic Affairs. The Secretary of Commerce may also invite the Chair of theSecurities and Exchange Commission and the Chair of the Federal Trade Commission toparticipate.

(0) Operation ofReport. The Co-Chairs of the group that prepared the Report shall review andexpand on existing reports on economic and other incentives to: induce private sector owners andoperators of the Nation?s critical infrastructure to maximize protective measures; invest in cyberenterprise risk management tools and services; and adopt best practices with respect to processesand technologies necessary for the increased sharing of and response to real-time cyber threatinformation. All agencies shall comply with any request of the Co-Chairs to identifythose economic policies and incentives capable of accelerating investments in cyber securitytools, services, and software. The Secretary of the Treasury, the Secretary of Commerce, theSecretary of Homeland Security, and the Assistant to the President for Economic Affairs mayseek further information relevant to the Report from any appropriate source.

Sec. 2. General Provisions.

This order shall be implemented consistent with applicable law and subject to the availabilityof appropriations.

Nothing in this order shall be construed to impair or otherwise affect:

the authority granted by law to an executive department or agency, or any headthereof; or

(ii) the functions of the Director of the Of?ce of Management and Budget relating tobudgetary, administrative, or legislative proposals.

(0) All actions taken pursuant to this order shall be consistent with requirements and authoritiesto protect intelligence and law enforcement sources and methods. Nothing in this order shall beinterpreted to supersede measures established under authority of law to protect the security and

integrity of speci?c activities and associations that are in direct support of intelligence and lawenforcement Operations.

This order is not intended to, and does not, create any right or bene?t, substantive orprocedural, enforceable at law or in equity by any party against the United States, itsdepartments, agencies, or entities, its of?cers, employees, or agents, or any other person.